
10.5: Use the built-in firewall to block web sharing System 10.5
Leopard's built-in firewall is great, but as soon as you use web sharing (e.g., for local testing), it is added to the firewall's allow list (under "Set access for specific services and applications").

But it's easy to change that, and to block any incoming connection to your local web server from outside your Mac:
  1. In the Finder (Go » Go to Folder...), go to folder /usr/sbin and locate the file httpd.
  2. Open System Preferences » Security » Firewall, and select the "Set access for specific services and applications" option.
  3. Click on the "+" button at the bottom of the list, then drag the file httpd from /usr/sbin in the Finder to the Open dialog, then click Add (Validate).
  4. In the list of services, locate httpd, then select "Block incoming connections" in the popup menu.
Note: you may wish to do the same for mysqld, located in /usr/local/mysql/bin. This way, you can use your local web server and MySQL from your Mac, but nobody can connect from the outside.

[robg adds: A commenter on the queue site notes that you can make these changes in the Apache and MySQL config files instead. In Apache's config file (/etc/apache2/httpd.conf), change Listen 80 to Listen 127.0.0.1:80. For MySQL, find the my.cnf file (usually in /etc or /usr/local/etc), and look for the [mysqld] section of the file. Add either bind-address=127.0.0.1 or the more-restrictive skip-networking option to this file. Apparently skip-networking will still allow local connections via Unix socket, not TCP. The difference with this method is that you don't even need to use the built-in firewall.]
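
One way to check that the config-file settings described above are actually in place, as an added example that is not part of the original hint: the function names and the sample config files are constructed for illustration, and files pulled in through Include directives are not followed.

```shell
# Added example: audit config text for listeners reachable from other hosts.

# Exit 0 if every Apache "Listen" directive is loopback-only; print the rest.
audit_httpd_listen() {
    awk '
        tolower($1) == "listen" {
            if ($2 ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/) next
            if ($2 ~ /^\[::1\]:[0-9]+$/) next
            printf "exposed: line %d: %s\n", NR, $0
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Exit 0 if the [mysqld] section disables TCP or binds it to loopback.
audit_mysqld_bind() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        !in_sec || /^[ \t]*[#;]/ { next }
        {
            line = $0; gsub(/[ \t]/, "", line)
            key = line; sub(/=.*/, "", key); gsub(/_/, "-", key)
            val = ""; if (line ~ /=/) { val = line; sub(/^[^=]*=/, "", val) }
            if (key == "skip-networking") skipnet = 1
            if (key == "bind-address")
                bound = (val == "127.0.0.1" || val == "::1" || val == "localhost")
        }
        END { exit !(skipnet || bound) }
    ' "$1"
}

# Constructed sample configs (not taken from a real system).
make_samples() {
    printf '%s\n' '#Listen 12.34.56.78:80' 'Listen 80' > "$1/httpd-default.conf"
    printf '%s\n' 'Listen 127.0.0.1:80' 'Listen [::1]:80' > "$1/httpd-local.conf"
    printf '%s\n' '[client]' 'port=3306' '[mysqld]' 'port=3306' > "$1/my-default.cnf"
    printf '%s\n' '[mysqld]' '# local only' 'bind_address = 127.0.0.1' > "$1/my-local.cnf"
}

dir=$(mktemp -d) && make_samples "$dir"
for f in httpd-default.conf httpd-local.conf; do
    if audit_httpd_listen "$dir/$f"; then echo "$f: loopback only"; else echo "$f: reachable"; fi
done
for f in my-default.cnf my-local.cnf; do
    if audit_mysqld_bind "$dir/$f"; then echo "$f: loopback only"; else echo "$f: reachable"; fi
done
rm -rf "$dir"
```

On a real system, pass /etc/apache2/httpd.conf and your my.cnf to the two functions, then restart the services so the new bindings apply.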

10.5: Use the built-in firewall to block web sharing
Authored by: patpro on Dec 07, '07 08:21:28AM

As far as I can say, MySQL is not bundled with Mac OS X client, so I don't see the point in mentioning it.

---
http://www.patpro.net/



10.5: Use the built-in firewall to block web sharing
Authored by: TvE on Dec 08, '07 04:22:05AM

Hmm - perhaps since most people using Apache also use MySQL.
I personally find the comment very relevant!



10.5: Use the built-in firewall to block web sharing
Authored by: etresoft on Dec 07, '07 08:44:14AM

What about selecting "Allow only essential services"? The local webserver and MySQL still work fine.



Allow only essential services
Authored by: Rainy Day on Feb 01, '09 05:00:09PM
The "Allow only essential services" option really locks down the computer and blocks most services, like file sharing, remote access, screen sharing, iChat, etc. Although it will allow the Mac to announce itself via Bonjour, nobody will be able to connect to shared folders, for example. It can also prevent outbound services like TFTP (which can be used to upload files to routers for firmware flashing).

This option may be too restrictive for many applications.
